Splunk Search

Community Activity

Automatic Lookup not working debug Hello, I've always had trouble with automatic lookups and every time I manage to do it it seems that I do it differe... by user93 Communicator in Splunk Search 04-21-2020 0 0	0	0
create a status field based on 3 separate avgs I have a search that looks at the output of a few scripts and lets me know if they are not running. These scripts c... by codedtech Path Finder in Splunk Search 04-21-2020 0 1	0	1
How to create a beautified time difference? We have the following code: \| stats count min(_time) as min, max(_time) as max by src, .... \| eval delta = (max - mi... by danielbb Motivator in Splunk Search 04-21-2020 1 2	1	2
Replace only if commas exist I have a dashboard (form) that I'm trying to allow a text field to accept single values or comma separated values tha... by treverce Explorer in Splunk Search 04-21-2020 0 5	0	5
eval by rows i have a table data where in a row has 0's . i need to replace those 0 only for that row ex: rowname:data one:5 two... by jiaqya Builder in Splunk Search 04-21-2020 0 3	0	3
Field extraction on source type on splunk when i want to do field extraction ask me source type. and when I open this listbox show files on that path... by indeed_2000 Motivator in Splunk Search 04-21-2020 0 0	0	0
Search lookup containing IP addresses by CIDR mask I cannot find this question being asked this way round, so hopefully its not a duplicate. I have a lookup CSV like t... by joepjisc Path Finder in Splunk Search 04-21-2020 0 5	0	5
How to make a chart where the x-axis is a guid I have 3 fields: "Runtime_A", "Runtime_B", and "guid". My current query is: search \| chart values(guid) AS "Guid", ... by splunkuser2127 Loves-to-Learn in Splunk Search 04-20-2020 0 2	0	2
How to display 0 when there is No Records Found or Nothing returned the search (thanks for who provided this) is: \| tstats count where host=linux01 sourcetype="linux:audit" by _time sp... by splunkbeginner Engager in Splunk Search 04-20-2020 0 8	0	8
I have a search that returns activity summary by email address. I also have a ksv with KNOWN users. How do I list those users that have no activity in the search? someone suggested a join, but as a newbie...... Don't know how to do this. I believe I would need two searches, 1 b... by MwayneSmith Explorer in Splunk Search 04-20-2020 0 1	0	1
Convert CIDR Range into list of member IPs. Given a list of CIDR ranges ... 10.198.68.132/30, 10.244.18.150/31, 10.48.37.96/24 Is there a search that could extr... by pkeller Contributor in Splunk Search 04-20-2020 0 2	0	2
How do you overlay charts that are linked together with a field? I have 3 extraction fields: "guid", "runtime_general", "runtime_specific". There is also a value "A" that I will sea... by splunkuser2127 Loves-to-Learn in Splunk Search 04-20-2020 0 0	0	0
Field extraction tool not showing whole event. I'm trying to use the field extraction tool. The problem is that the field I want to extract is about 18 lines down ... by nocostk Communicator in Splunk Search 04-20-2020 0 4	0	4
How to fill empty or missing data values based on approximations of previous values? Hello All, I spent a lot of time trying to figure out how to fill out missing data with approximations based on the ... by bntdumas Engager in Splunk Search 04-20-2020 0 6	0	6
Stumped. Selective removal of events while keeping others. Ideally avoiding mvexpand. Hi folks, I'm having a hard time with this one. Maybe I need more coffee. Say I have several events like this: Event... by loc_spl New Member in Splunk Search 04-20-2020 0 1	0	1
searchs that does not succeed Hello, I would like to know how to find searchs that do not succeed (no results or with errors) ? Some users complain... by warmup031 Explorer in Splunk Search 04-20-2020 0 2	0	2
Regex in splunk Hello I am trying to get a regex to work in splunk but without success, perhaps someone here can help me? This work... by malgru New Member in Splunk Search 04-20-2020 0 3	0	3
Parsing of highly nested JSON events with arrays We want to parse highly nested jsons into expanded tables. We found that the following code works, given we apply the... by wfskmoney Path Finder in Splunk Search 04-20-2020 0 2	0	2
Can I search with case insensitive fields. Hello there, Is there a way to address all fields case insensitively. To illustrate my point I have this query, ind... by iet_ashish Explorer in Splunk Search 04-20-2020 0 1	0	1
Splunk Join not working I am trying to create a result set out of 2 search queries with a common field.I have tried multiple solutions provid... by coolkris New Member in Splunk Search 04-20-2020 0 3	0	3
How to re-use list of values. I have a query which essentially looks like this, \| makeresults count=1 \| eval host="host1, host2, host3, host4, ho... by iet_ashish Explorer in Splunk Search 04-20-2020 0 5	0	5
count occurrence of value in field in a single event I have 6 sources with json event in the following structure (each source with different data of tests): "tests": [... by navap123 Explorer in Splunk Search 04-20-2020 0 3	0	3
Extracting values from a event log search for key value pairs Hello community, I am using search to get the values for ‘runtime’ and trying to get overall stats for a runtime va... by mpd202004 New Member in Splunk Search 04-20-2020 0 3	0	3
What is "batch mode" search? Hi, I'm testing out some features in 6.3, and looking at increasing our search and index throughput. One of the set... by a212830 Champion in Splunk Search 04-19-2020 1 6	1	6
About dropdown filter There is a dropdown filter on the dashboard. How can I select multiple values for that filter? by manakin New Member in Splunk Search 04-19-2020 0 2	0	2